CVE-2026-6903

Name of the Vulnerable Software and Affected Versions LabOne Web Server (affected versions not specified)

Description The LabOne Web Server, which supports the LabOne User Interface, has insufficient input validation in its file access functionality. This allows an unauthenticated attacker to read arbitrary files on the host system that the operating system user running the software can access. Furthermore, the server does not sufficiently restrict cross-origin requests, enabling a remote attacker to trigger file access from a victim's browser via a malicious website. This issue is only present when the LabOne Web Server is active; installations using only the LabOne APIs are not affected.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.